Introduction
The low level nature of Trusted Execution Environments prompts the use of an abstraction layer in order to facilitate the interaction for the end user. This project aims to create this layer by creating a websocket connection to the host to whom the device is connected and will interpret all the commands sent by the host as low level calls. Through this application it is therefore possible to run a rust program inside an Android TEE using a websocket connection to communicate to the outside.
Architecture
The architecture consists into different layers:
- React app: very thin layer which makes the developing on the device easier
- App android: where the websocket client is started continuously polling for the host connection
- Java Native Interface (JNI): the command coming from the host is serialized in bytes and sent to a lower level call implemented in Rust
- Core: the actual rust code which is being wrapped interacting with the underlying TEE. This is dynamically loaded when the Android app starts and where the commands are actually executed. Once the result is available it get serialized again and returned to the apps and forwarded to the host through the websocket connection.
Setup
Requirements
An android device with TEE hardware
- JAVA SDK 11 installed
- Android SDK installed (v33)
- Android NDK installed (v25)
Optional
- Android Studio
Steps
- Link the Rust library project into the rust folder (be sure it compiles when running
cargo build --release): - Create a
local.propertiesfile into theandroid/folder with the path to the android SDK and NDK:
sdk.dir=/opt/android-sdk
ndk.dir=/opt/android-sdk/ndk/25.2.9519653
- Plug the device and run
npm run plugDevice
- Run the reactive-app
npx react-native start
Press a in order to compile and install the app on the device.
- Open websocket ports between the android device and the computer:
- Now the app is looking for a websocket connection to the port
3000on localhost.